k8 deploy, only follow the abp.io suite template (v5.2.1), and change some necessary Env settings. Add the TLS secret follow this document : https://github.com/abpframework/eShopOnAbp/tree/main/etc
Error Info:
[03:43:53 INF] Executing endpoint 'MOS.Blazor.Controllers.AccountController.Login (MOS.Blazor)'
[03:43:53 INF] Route matched with {action = "Login", controller = "Account", area = "", page = ""}. Executing controller action with signature Microsoft.AspNetCore.Mvc.ActionResult Login(System.String, System.String) on controller MOS.Blazor.Controllers.AccountController (MOS.Blazor).
[03:43:53 INF] Executing ChallengeResult with authentication schemes (["oidc"]).
[03:43:58 INF] Executed action MOS.Blazor.Controllers.AccountController.Login (MOS.Blazor) in 5219.8724ms
[03:43:58 INF] Executed endpoint 'MOS.Blazor.Controllers.AccountController.Login (MOS.Blazor)'
[03:43:58 ERR] An unhandled exception has occurred while executing the request.
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'System.String'.
---> System.IO.IOException: IDX20804: Unable to retrieve document from: 'System.String'.
---> System.Net.Http.HttpRequestException: Connection refused (mos-st-authserver:443)
---> System.Net.Sockets.SocketException (111): Connection refused
Here is my Values.yaml
# auth-server sub-chart override
authserver:
config:
selfUrl: https://mos-st-authserver
corsOrigins: https://mos-st-gateway-web,https://mos-st-gateway-web-public,https://mos-st-identity,https://mos-st-administration,https://mos-st-saas,https://mos-st-product
allowedRedirectUrls: https://mos-st-angular
identityService:
connString: "Server=mos-st-sqldb,1433;Database=MOS_Identity;User Id=sa;password=myPassw@rd"
administrationService:
connString: "Server=mos-st-sqldb,1433;Database=MOS_Administration;User Id=sa;password=myPassw@rd"
saasService:
connString: "Server=mos-st-sqldb,1433;Database=MOS_Saas;User Id=sa;password=myPassw@rd"
authServer:
authority: http://mos-st-authserver
requireHttpsMetadata: "false"
dotnetEnv: Staging
redisHost: mos-st-redis
rabbitmqHost: mos-st-rabbitmq
elasticsearchUrl: http://mos-st-elasticsearch
ingress:
host: mos-st-authserver
image:
imagePullSecretName: regcred
repository: 123123123.dkr.ecr.ap-east-1.amazonaws.com/mos-app-authserver
tag: latest
# identity-service sub-chart override
identity:
config:
selfUrl: https://mos-st-identity
corsOrigins: https://mos-st-gateway-web, https://mos-st-gateway-web-public
connectionStrings:
identityService: "Server=mos-st-sqldb,1433;Database=MOS_Identity;User Id=sa;password=myPassw@rd"
administrationService: "Server=mos-st-sqldb,1433;Database=MOS_Administration;User Id=sa;password=myPassw@rd"
saasService: "Server=mos-st-sqldb,1433;Database=MOS_Saas;User Id=sa;password=myPassw@rd"
authServer:
authority: http://mos-st-authserver
requireHttpsMetadata: "false"
dotnetEnv: Staging
redisHost: mos-st-redis
rabbitmqHost: mos-st-rabbitmq
elasticsearchUrl: http://mos-st-elasticsearch
identityServerClients:
blazorServerRootUrl: https://mos-st-web/
publicWebRootUrl: https://mos-st-publicweb/
webGatewayRootUrl: https://mos-st-gateway-web/
publicWebGatewayRootUrl: https://mos-st-gateway-web-public/
identityServerResources:
accountServiceRootUrl: https://mos-st-authserver/
identityServiceRootUrl: https://mos-st-identity/
administrationServiceRootUrl: https://mos-st-administration/
saasServiceRootUrl: https://mos-st-saas/
productServiceRootUrl: https://mos-st-product/
clientServiceRootUrl: https://mos-st-client/
notificationServiceRootUrl: https://mos-st-notification/
ingress:
host: mos-st-identity
image:
imagePullSecretName: regcred
repository: 123123123.dkr.ecr.ap-east-1.amazonaws.com/mos-service-identity
tag: latest
# administration-service sub-chart override
administration:
config:
selfUrl: https://mos-st-administration
gatewayUrl: http://mos-st-gateway-web
corsOrigins: https://mos-st-gateway-web,https://mos-st-gateway-web-public
connectionStrings:
administrationService: "Server=mos-st-sqldb,1433;Database=MOS_Administration;User Id=sa;password=myPassw@rd"
saasService: "Server=mos-st-sqldb,1433;Database=MOS_Saas;User Id=sa;password=myPassw@rd"
authServer:
authority: http://mos-st-authserver
requireHttpsMetadata: "false"
dotnetEnv: Staging
redisHost: mos-st-redis
rabbitmqHost: mos-st-rabbitmq
elasticsearchUrl: http://mos-st-elasticsearch
synchedCommunication: # Used for server-to-server (client-credentials) communication with identityService for user permissions
authority: https://mos-st-authserver
ingress:
host: mos-st-administration
image:
imagePullSecretName: regcred
repository: 123123123.dkr.ecr.ap-east-1.amazonaws.com/mos-service-administration
tag: latest
# saas-service sub-chart override
saas:
config:
selfUrl: https://mos-st-saas
corsOrigins: https://mos-st-gateway-web
connectionStrings:
administrationService: "Server=mos-st-sqldb,1433;Database=MOS_Administration;User Id=sa;password=myPassw@rd"
saasService: "Server=mos-st-sqldb,1433;Database=MOS_Saas;User Id=sa;password=myPassw@rd"
authServer:
authority: http://mos-st-authserver
requireHttpsMetadata: "false"
dotnetEnv: Staging
redisHost: mos-st-redis
rabbitmqHost: mos-st-rabbitmq
elasticsearchUrl: http://mos-st-elasticsearch
ingress:
host: mos-st-saas
image:
imagePullSecretName: regcred
repository: 123123123.dkr.ecr.ap-east-1.amazonaws.com/mos-service-saas
tag: latest
# product-service sub-chart override
product:
config:
selfUrl: https://mos-st-product
corsOrigins: https://mos-st-gateway-web,https://mos-st-gateway-web-public
connectionStrings:
productService: "Server=mos-st-sqldb,1433;Database=MOS_ProductService;User Id=sa;password=myPassw@rd"
administrationService: "Server=mos-st-sqldb,1433;Database=MOS_Administration;User Id=sa;password=myPassw@rd"
saasService: "Server=mos-st-sqldb,1433;Database=MOS_Saas;User Id=sa;password=myPassw@rd"
authServer:
authority: http://mos-st-authserver
requireHttpsMetadata: "false"
dotnetEnv: Staging
redisHost: mos-st-redis
rabbitmqHost: mos-st-rabbitmq
elasticsearchUrl: http://mos-st-elasticsearch
ingress:
host: mos-st-product
image:
imagePullSecretName: regcred
repository: 123123123.dkr.ecr.ap-east-1.amazonaws.com/mos-service-product
tag: latest
# notification-service sub-chart override
notification:
config:
selfUrl: https://mos-st-notification
corsOrigins: https://mos-st-gateway-web,https://mos-st-gateway-web-public
connectionStrings:
notificationService: "Server=mos-st-sqldb,1433;Database=MOS_NotificationService;User Id=sa;password=myPassw@rd"
administrationService: "Server=mos-st-sqldb,1433;Database=MOS_Administration;User Id=sa;password=myPassw@rd"
saasService: "Server=mos-st-sqldb,1433;Database=MOS_Saas;User Id=sa;password=myPassw@rd"
authServer:
authority: http://mos-st-authserver
requireHttpsMetadata: "false"
dotnetEnv: Staging
redisHost: mos-st-redis
rabbitmqHost: mos-st-rabbitmq
elasticsearchUrl: http://mos-st-elasticsearch
ingress:
host: mos-st-notification
image:
imagePullSecretName: regcred
repository: 123123123.dkr.ecr.ap-east-1.amazonaws.com/mos-service-notification
tag: latest
# client-service sub-chart override
client:
config:
selfUrl: https://mos-st-client
corsOrigins: https://mos-st-gateway-web,https://mos-st-gateway-web-public
connectionStrings:
clientService: "Server=mos-st-sqldb,1433;Database=MOS_ClientService;User Id=sa;password=myPassw@rd"
administrationService: "Server=mos-st-sqldb,1433;Database=MOS_Administration;User Id=sa;password=myPassw@rd"
saasService: "Server=mos-st-sqldb,1433;Database=MOS_Saas;User Id=sa;password=myPassw@rd"
authServer:
authority: http://mos-st-authserver
requireHttpsMetadata: "false"
dotnetEnv: Staging
redisHost: mos-st-redis
rabbitmqHost: mos-st-rabbitmq
elasticsearchUrl: http://mos-st-elasticsearch
ingress:
host: mos-st-client
image:
imagePullSecretName: regcred
repository: 123123123.dkr.ecr.ap-east-1.amazonaws.com/mos-service-client
tag: latest
# gateway-web sub-chart override
gateway-web:
config:
selfUrl: https://mos-st-gateway-web
corsOrigins: https://mos-st-web
globalConfigurationBaseUrl: http://mos-st-gateway-web
authServer:
authority: http://mos-st-authserver
requireHttpsMetadata: "false"
dotnetEnv: Staging
redisHost: mos-st-redis
rabbitmqHost: mos-st-rabbitmq
elasticsearchUrl: http://mos-st-elasticsearch
reRoutes:
authserver:
schema: http
host: mos-st-authserver
port: 80
identityService:
schema: # http
host: mos-st-identity
port: 80
administrationService:
schema: http
host: mos-st-administration
port: 80
saasService:
schema: # http
host: mos-st-saas
port: 80
productService:
schema: http
host: mos-st-saas
port: 80
ingress:
host: mos-st-gateway-web
image:
imagePullSecretName: regcred
repository: 123123123.dkr.ecr.ap-east-1.amazonaws.com/mos-gateway-web
tag: latest
pullPolicy: IfNotPresent
# gateway-web-public sub-chart override
gateway-web-public:
config:
selfUrl: https://mos-st-gateway-web-public
globalConfigurationBaseUrl: http://mos-st-gateway-web-public
corsOrigins: https://mos-st-publicweb
authServer:
authority: http://mos-st-authserver
requireHttpsMetadata: "false"
dotnetEnv: Staging
redisHost: mos-st-redis
rabbitmqHost: mos-st-rabbitmq
elasticsearchUrl: http://mos-st-elasticsearch
reRoutes:
identityService:
schema: http
host: mos-st-identity
port: 80
administrationService:
schema: http
host: mos-st-administration
port: 80
productService:
schema: http
host: mos-st-product
port: 80
ingress:
host: mos-st-gateway-web-public
tlsSecret: mos-tls
image:
imagePullSecretName: regcred
repository: 123123123.dkr.ecr.ap-east-1.amazonaws.com/mos-gateway-web-public
tag: latest
pullPolicy: IfNotPresent
kibana:
config:
elasticsearchUrl: http://mos-st-elasticsearch:9200
# dbmigrator sub-chart override
dbmigrator:
config:
connectionStrings:
identityService: "Server=mos-st-sqldb,1433;Database=MOS_Identity;User Id=sa;password=myPassw@rd"
administrationService: "Server=mos-st-sqldb,1433;Database=MOS_Administration;User Id=sa;password=myPassw@rd"
saasService: "Server=mos-st-sqldb,1433;Database=MOS_Saas;User Id=sa;password=myPassw@rd"
productService: "Server=mos-st-sqldb,1433;Database=MOS_ProductService;User Id=sa;password=myPassw@rd"
clientService: "Server=mos-st-sqldb,1433;Database=MOS_ClientService;User Id=sa;password=myPassw@rd"
notificationService: "Server=mos-st-sqldb,1433;Database=MOS_NotificationService;User Id=sa;password=myPassw@rd"
dotnetEnv: Staging
identityServerClients:
blazorServerRootUrl: https://mos-st-web/
publicWebRootUrl: https://mos-st-publicweb/
webGatewayRootUrl: https://mos-st-gateway-web/
publicWebGatewayRootUrl: https://mos-st-gateway-web-public/
identityServerResources:
accountServiceRootUrl: https://mos-st-authserver/
identityServiceRootUrl: https://mos-st-identity/
administrationServiceRootUrl: https://mos-st-administration/
saasServiceRootUrl: https://mos-st-saas/
productServiceRootUrl: https://mos-st-product/
clientServiceRootUrl: https://mos-st-client/
notificationServiceRootUrl: https://mos-st-notification/
image:
imagePullSecretName: regcred
repository: 123123123.dkr.ecr.ap-east-1.amazonaws.com/mos-db-migrator
tag: latest
pullPolicy: IfNotPresent
# Public Web application sub-chart override
publicweb:
config:
selfUrl: https://mos-st-publicweb
gatewayUrl: http://mos-st-gateway-web-public
authServer:
authority: http://mos-st-authserver
requireHttpsMetadata: "false"
dotnetEnv: Staging
redisHost: mos-st-redis
rabbitmqHost: mos-st-rabbitmq
elasticsearchUrl: http://mos-st-elasticsearch
ingress:
host: mos-st-publicweb
tlsSecret: mos-tls
image:
imagePullSecretName: regcred
repository: 123123123.dkr.ecr.ap-east-1.amazonaws.com/mos-app-publicweb
tag: latest
pullPolicy: IfNotPresent
# Web(Blazor-Server) backoffice application sub-chart override
web:
config:
selfUrl: https://mos-st-web
gatewayUrl: http://mos-st-gateway-web
authServer:
authority: http://mos-st-authserver
requireHttpsMetadata: "false"
dotnetEnv: Staging
redisHost: mos-st-redis
rabbitmqHost: mos-st-rabbitmq
elasticsearchUrl: http://mos-st-elasticsearch
ingress:
host: mos-st-web
tlsSecret: mos-tls
image:
imagePullSecretName: regcred
repository: 123123123.dkr.ecr.ap-east-1.amazonaws.com/mos-app-blazor-server
tag: latest
pullPolicy: IfNotPresent
# Default values for MOS.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
repository: nginx
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: ""
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
port: 80
ingress:
enabled: false
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths:
- path: /
pathType: ImplementationSpecific
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
affinity: {}
It's very hard to figure out which env setting is HTTPS or HTTP. I have double-checked the template many times, but it does not work.
Any wrong setting will cause show "Not secure Page" and the log exception: 443 refused.
Does anyone have a workable sample run in k8s with abp.io v5.2.1?
Actually, this issue is the same as QA #3009 https://support.abp.io/QA/Questions/3009, but it closed.
Gateway Web auth error: https://mos-st-gateway-web/swagger/index.html After auth: Show
I am assuming it is AccountService since web-gateway swagger just shows the microservice swagger endpoints it redirects at API definitions.
The error indicates that the client is trying to reach the issuer at
mos-st-authserver:443
however it should use http instead of https inside the internal network.Does this occur on web-gateway, AccountService only? Can you try other microservices over the web-gateway? Can you also try directly the microservice swagger endpoint?
After Auth: Console show 'https://mos-st-administration/swagger/index.html' was loaded over HTTPS, but requested an insecure resource 'http://mos-st-authserver/connect/token'.
the swagger is https, but we set the authserver to http...
It's very helpful to deploy an abp.io microservice template to a Helm hub for reference... Please consider that.
Is this docker for desktop local kubernetes cluster you are trying to run? This seems to be related to swagger authentication. I will try to reproduce the problem. Do you have any custom configurations on ingress.yaml files?
It's very helpful to deploy an abp.io microservice template to a Helm hub for reference... Please consider that.
Thank you for the suggestion. I will create an internal issue for this.
Yes, I use the docker desktop for testing. No change with the ingress file, just installed the NGINX Ingress Controller according to the description.
kubernetes.io/ingress.class: "nginx"
Only install the "cert-manager" in k8s but do nothing, because I just tested in the local network. Should I do something about the letsencrypt
?
cert-manager.io/cluster-issuer: letsencrypt
accountservice
It works well in https://mos-st-authserver/Account/Login
But if I authorize from https://mos-st-administration/swagger/index.html , the first time it will show:
I have nothing change about the authserver project, build it with docker build (/build-images.ps1) and add the TLS secret follow this document : https://github.com/abpframework/eShopOnAbp/tree/main/etc
Letsencrypt won't work since you are not using real domains. Is your authserver (already accountservice) running on https?
Do you get Not secure/trusted error? Internal request to issuer endpoint can fail because of returning a not secure page.
Is that a way to let service call authserver with https, because all the question is base on it
This is a exception from Administration Service.
[08:30:02 INF] Request starting HTTP/1.1 GET http://mos-st-administration/api/language-management/languages/all - -
[08:30:02 ERR] Exception occurred while processing message.
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'System.String'.
---> System.IO.IOException: IDX20804: Unable to retrieve document from: 'System.String'.
---> System.Net.Http.HttpRequestException: Connection refused (mos-st-authserver:443)
---> System.Net.Sockets.SocketException (111): Connection refused
at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.ThrowException(SocketError error, CancellationToken cancellationToken)
at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.System.Threading.Tasks.Sources.IValueTaskSource.GetResult(Int16 token)
at System.Net.Sockets.Socket.<ConnectAsync>g__WaitForConnectWithCancellation|277_0(AwaitableSocketAsyncEventArgs saea, ValueTask connectTask, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.ConnectToTcpHostAsync(String host, Int32 port, HttpRequestMessage initialRequest, Boolean async, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
This exception cause by I try to use postman get token from https://mos-st-authserver/ and use token to get service : https://mos-st-administration/api/language-management/languages/all
This is the payload in token:
{
"nbf": 1651826063,
"exp": 1683362063,
"iss": "https://mos-st-authserver",
"aud": "AdministrationService",
"client_id": "WebGateway_Swagger",
"sub": "414da19f-8697-7bc7-089e-3a03aa97ec05",
"auth_time": 1651826063,
"idp": "local",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": "admin",
"unique_name": "admin",
"preferred_username": "admin",
"given_name": "admin",
"role": "admin",
"phone_number_verified": "False",
"email": "admin@abp.io",
"email_verified": "False",
"name": "admin",
"sid": "0112997F344EA7D0B1C09B7AB815FBE2",
"iat": 1651826063,
"scope": [
"AdministrationService"
],
"amr": [
"pwd"
]
}
It is not related with the token.
Add the code below to AdministrationServiceModule
ConfigureServices
method to see detailed information about the OpenId error:Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;
It can be a problem with swagger authorization. When you are making a request from the browser to login, you are redirected to
http://mos-st-authserver
(AuthServer:Authority) however it is served under https on the browser.Maybe you can try sending a header from WebGateway Ingress and write a midware at AuthServer to redirect to https if the request is coming from the browser:
app.Use(async (ctx, next) => { if (ctx.Request.Headers.ContainsKey("from-ingress")) { ctx.Request.Scheme = "https"; return next(); } return next(); });
This way, when you are making a login request from swagger, you should be redirected to
https://mos-st-authserver
and the token validation Issuer will still navigate tohttp://mos-st-authserver
inside the internal kubernetes network.
The default template contains the logic just like what you said. And I change it to "ctx.Request.Scheme = "https" and it shows the same error log.
app.Use(async (ctx, next) =>
{
if (ctx.Request.Headers.ContainsKey("from-ingress"))
{
ctx.SetIdentityServerOrigin(configuration["App:SelfUrl"]);
}
await next();
});
I use Postman to get token success and request the API in http://mos-st-administration/api/language-management/languages/all To avoid the swagger redirect, just use REST-API only. I have set all the yaml
- name: AuthServer__Authority
value: http://mos-st-authserver
- name: AuthServer__RequireHttpsMetadata
value: 'false'
but it still show the error: ---> System.Net.Http.HttpRequestException: Connection refused (mos-st-authserver:443) I have no idea why it redirect to 443
There may be a problem with overriding the configuration in your kubernetes values files.
Do you deploy as a single helm chart and be sure that the
Values.yaml
has the correct configuration? If you are deploying applications individually, you need to update related helm chartValues.yaml
.Can you also add the related code to show detailed OpenId error and rebuild/redeploy your application? There might be a clue.
Here is the yamls I copy from kubernetes dashboard. administration:
kind: Deployment
apiVersion: apps/v1
metadata:
name: mos-st-administration
namespace: mos-st
uid: 5e6f7465-f220-4e47-bc88-e8ef0f0b31c0
resourceVersion: '1475368'
generation: 2
creationTimestamp: '2022-05-08T04:43:48Z'
labels:
app.kubernetes.io/managed-by: Helm
annotations:
deployment.kubernetes.io/revision: '2'
meta.helm.sh/release-name: mos-st
meta.helm.sh/release-namespace: mos-st
managedFields:
- manager: helm
operation: Update
apiVersion: apps/v1
time: '2022-05-08T04:43:48Z'
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.: {}
f:meta.helm.sh/release-name: {}
f:meta.helm.sh/release-namespace: {}
f:labels:
.: {}
f:app.kubernetes.io/managed-by: {}
f:spec:
f:progressDeadlineSeconds: {}
f:replicas: {}
f:revisionHistoryLimit: {}
f:selector: {}
f:strategy:
f:rollingUpdate:
.: {}
f:maxSurge: {}
f:maxUnavailable: {}
f:type: {}
f:template:
f:metadata:
f:labels:
.: {}
f:app: {}
f:spec:
f:containers:
k:{"name":"mos-st-administration"}:
.: {}
f:env:
.: {}
k:{"name":"App__CorsOrigins"}:
.: {}
f:name: {}
f:value: {}
k:{"name":"App__SelfUrl"}:
.: {}
f:name: {}
f:value: {}
k:{"name":"AuthServer__Authority"}:
.: {}
f:name: {}
f:value: {}
k:{"name":"AuthServer__RequireHttpsMetadata"}:
.: {}
f:name: {}
f:value: {}
k:{"name":"ConnectionStrings__AdministrationService"}:
.: {}
f:name: {}
f:value: {}
k:{"name":"ConnectionStrings__SaasService"}:
.: {}
f:name: {}
f:value: {}
k:{"name":"DOTNET_ENVIRONMENT"}:
.: {}
f:name: {}
f:value: {}
k:{"name":"ElasticSearch__Url"}:
.: {}
f:name: {}
f:value: {}
k:{"name":"IdentityClients__Default__Authority"}:
.: {}
f:name: {}
k:{"name":"RabbitMQ__Connections__Default__HostName"}:
.: {}
f:name: {}
f:value: {}
k:{"name":"Redis__Configuration"}:
.: {}
f:name: {}
f:value: {}
k:{"name":"RemoteServices__Default__BaseUrl"}:
.: {}
f:name: {}
f:value: {}
k:{"name":"StringEncryption__DefaultPassPhrase"}:
.: {}
f:name: {}
f:value: {}
f:image: {}
f:imagePullPolicy: {}
f:name: {}
f:ports:
.: {}
k:{"containerPort":80,"protocol":"TCP"}:
.: {}
f:containerPort: {}
f:name: {}
f:protocol: {}
k:{"containerPort":443,"protocol":"TCP"}:
.: {}
f:containerPort: {}
f:name: {}
f:protocol: {}
f:resources: {}
f:terminationMessagePath: {}
f:terminationMessagePolicy: {}
f:dnsPolicy: {}
f:imagePullSecrets:
.: {}
k:{"name":"regcred"}: {}
f:restartPolicy: {}
f:schedulerName: {}
f:securityContext: {}
f:terminationGracePeriodSeconds: {}
- manager: dashboard
operation: Update
apiVersion: apps/v1
time: '2022-05-08T07:46:42Z'
fieldsType: FieldsV1
fieldsV1:
f:spec:
f:template:
f:spec:
f:containers:
k:{"name":"mos-st-administration"}:
f:env:
k:{"name":"IdentityClients__Default__Authority"}:
f:value: {}
- manager: kube-controller-manager
operation: Update
apiVersion: apps/v1
time: '2022-05-08T07:46:44Z'
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
f:deployment.kubernetes.io/revision: {}
f:status:
f:availableReplicas: {}
f:conditions:
.: {}
k:{"type":"Available"}:
.: {}
f:lastTransitionTime: {}
f:lastUpdateTime: {}
f:message: {}
f:reason: {}
f:status: {}
f:type: {}
k:{"type":"Progressing"}:
.: {}
f:lastTransitionTime: {}
f:lastUpdateTime: {}
f:message: {}
f:reason: {}
f:status: {}
f:type: {}
f:observedGeneration: {}
f:readyReplicas: {}
f:replicas: {}
f:updatedReplicas: {}
subresource: status
spec:
replicas: 1
selector:
matchLabels:
app: mos-st-administration
template:
metadata:
creationTimestamp: null
labels:
app: mos-st-administration
spec:
containers:
- name: mos-st-administration
image: >-
359134898311.dkr.ecr.ap-east-1.amazonaws.com/mos-service-administration:latest
ports:
- name: http
containerPort: 80
protocol: TCP
- name: https
containerPort: 443
protocol: TCP
env:
- name: App__SelfUrl
value: https://mos-st-administration
- name: RemoteServices__Default__BaseUrl
value: http://mos-st-gateway-web
- name: App__CorsOrigins
value: https://mos-st-gateway-web,https://mos-st-gateway-web-public
- name: IdentityClients__Default__Authority
value: http://mos-st-authserver
- name: ConnectionStrings__AdministrationService
value: >-
Server=mos-st-sqldb,1433;Database=MOS_Administration;User
Id=sa;password=myPassw@rd
- name: ConnectionStrings__SaasService
value: >-
Server=mos-st-sqldb,1433;Database=MOS_Saas;User
Id=sa;password=myPassw@rd
- name: DOTNET_ENVIRONMENT
value: Staging
- name: Redis__Configuration
value: mos-st-redis
- name: AuthServer__Authority
value: http://mos-st-authserver
- name: AuthServer__RequireHttpsMetadata
value: 'false'
- name: StringEncryption__DefaultPassPhrase
value: gsKnGZ041HLL4IM8
- name: RabbitMQ__Connections__Default__HostName
value: mos-st-rabbitmq
- name: ElasticSearch__Url
value: http://mos-st-elasticsearch
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
imagePullPolicy: IfNotPresent
restartPolicy: Always
terminationGracePeriodSeconds: 30
dnsPolicy: ClusterFirst
securityContext: {}
imagePullSecrets:
- name: regcred
schedulerName: default-scheduler
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 25%
maxSurge: 25%
revisionHistoryLimit: 10
progressDeadlineSeconds: 600
status:
observedGeneration: 2
replicas: 1
updatedReplicas: 1
readyReplicas: 1
availableReplicas: 1
conditions:
- type: Available
status: 'True'
lastUpdateTime: '2022-05-08T04:44:27Z'
lastTransitionTime: '2022-05-08T04:44:27Z'
reason: MinimumReplicasAvailable
message: Deployment has minimum availability.
- type: Progressing
status: 'True'
lastUpdateTime: '2022-05-08T07:46:44Z'
lastTransitionTime: '2022-05-08T04:43:48Z'
reason: NewReplicaSetAvailable
message: >-
ReplicaSet "mos-st-administration-5bc6f6fc68" has successfully
progressed.
kind: Service
apiVersion: v1
metadata:
name: mos-st-administration
namespace: mos-st
uid: 4596aec0-241f-4024-98d7-836037649eb0
resourceVersion: '1458270'
creationTimestamp: '2022-05-08T04:43:48Z'
labels:
app.kubernetes.io/managed-by: Helm
name: mos-st-administration
annotations:
meta.helm.sh/release-name: mos-st
meta.helm.sh/release-namespace: mos-st
managedFields:
- manager: helm
operation: Update
apiVersion: v1
time: '2022-05-08T04:43:48Z'
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.: {}
f:meta.helm.sh/release-name: {}
f:meta.helm.sh/release-namespace: {}
f:labels:
.: {}
f:app.kubernetes.io/managed-by: {}
f:name: {}
f:spec:
f:internalTrafficPolicy: {}
f:ports:
.: {}
k:{"port":80,"protocol":"TCP"}:
.: {}
f:name: {}
f:port: {}
f:protocol: {}
f:targetPort: {}
k:{"port":443,"protocol":"TCP"}:
.: {}
f:name: {}
f:port: {}
f:protocol: {}
f:targetPort: {}
f:selector: {}
f:sessionAffinity: {}
f:type: {}
spec:
ports:
- name: '80'
protocol: TCP
port: 80
targetPort: 80
- name: '443'
protocol: TCP
port: 443
targetPort: 443
selector:
app: mos-st-administration
clusterIP: 10.101.5.16
clusterIPs:
- 10.101.5.16
type: ClusterIP
sessionAffinity: None
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
internalTrafficPolicy: Cluster
status:
loadBalancer: {}
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
name: mos-st-administration-ingress
namespace: mos-st
uid: b4eb866f-e020-4bee-9a53-05a46b5f4185
resourceVersion: '1458741'
generation: 1
creationTimestamp: '2022-05-08T04:43:48Z'
labels:
app.kubernetes.io/managed-by: Helm
annotations:
meta.helm.sh/release-name: mos-st
meta.helm.sh/release-namespace: mos-st
nginx.ingress.kubernetes.io/force-ssl-redirect: 'true'
nginx.ingress.kubernetes.io/proxy-buffer-size: 32k
nginx.ingress.kubernetes.io/proxy-buffers-number: '8'
nginx.ingress.kubernetes.io/rewrite-target: /
managedFields:
- manager: helm
operation: Update
apiVersion: networking.k8s.io/v1
time: '2022-05-08T04:43:48Z'
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.: {}
f:meta.helm.sh/release-name: {}
f:meta.helm.sh/release-namespace: {}
f:nginx.ingress.kubernetes.io/force-ssl-redirect: {}
f:nginx.ingress.kubernetes.io/proxy-buffer-size: {}
f:nginx.ingress.kubernetes.io/proxy-buffers-number: {}
f:nginx.ingress.kubernetes.io/rewrite-target: {}
f:labels:
.: {}
f:app.kubernetes.io/managed-by: {}
f:spec:
f:ingressClassName: {}
f:rules: {}
f:tls: {}
- manager: nginx-ingress-controller
operation: Update
apiVersion: networking.k8s.io/v1
time: '2022-05-08T04:44:14Z'
fieldsType: FieldsV1
fieldsV1:
f:status:
f:loadBalancer:
f:ingress: {}
subresource: status
spec:
ingressClassName: nginx
tls:
- hosts:
- mos-st-administration
secretName: mos-tls
rules:
- host: mos-st-administration
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: mos-st-administration
port:
number: 80
status:
loadBalancer:
ingress:
- hostname: localhost
And the .net code I still use the default template.